Twitter Says High-Profile Hack Tricked Staff With Spear Phishing

The Scope

A Thursday morning blog post update from Twitter informed the public about the recent hack that saw high-profile user accounts compromised with run-of-the-mill Bitcoin scams. According to the release, “spear phishing” attacks took advantage of “human vulnerabilities” to fool employees of the social media giant.

The attack on July 15, 2020, targeted a small number of employees through a phone spear phishing attack. This attack relied on a significant and concerted attempt to mislead certain employees and exploit human vulnerabilities to gain access to our internal systems.

— Twitter Support (@TwitterSupport) July 31, 2020

The update comes two weeks after the hack affected major influencers on the platform including Elon Musk and Bill Gates.

What Is Spear Phishing?

Previously, Twitter had identified the method by which credentials were compromised as a “coordinated engineering attack.” The hackers gained access to the account info of Twitter employees, some of whom had access to internal tools and thus the ability to post on users’ accounts. Standard phishing involves hackers who present themselves as legitimate services like banks. They request users to login, reset a password, or sign into a website. Often, the user will be taken to the true site after the information is stolen, and therefore be completely unaware. Spear phishing is a little more personal, according to security firm Kaspersky:

Spear phishing is an email or electronic communications scam targeted towards a specific individual, organization or business.

Unlike traditional phishing that may send out bulk e-mails hoping to snag a few vulnerable users, spear phishing requires research into a specific target. In other words, the attack was not a lucky break, but a time-consuming and researched attack designed to gain the account details of specific Twitter staff.

Conspiracy Theories

Upon access, the hackers claimed to offer higher amounts of free crypto in return for sending smaller amounts to certain addresses (for charity, of course). Needless to say, those who fell for it received nothing back. Other more sinister motivations have been suggested.

So you understand what happened yesterday

Twitter was hacked.

Anti-Trump videos were flagged.

Anti-Trump videos were not able to be retweeted from a 1000s of accounts, reducing views

You might think this is not a big deal.

But you will think differently when they do it Nov 3

— Don Winslow (@donwinslow) July 17, 2020

With less than $200,000 stolen, the attack may have been designed to humiliate Twitter. Bestselling author Don Winslow suggested it was merely a test run. He believes the hack was connected to manipulation surrounding the U.S. election. Others speculate that it may have been some actor trying to cast cryptocurrencies in a bad light.

The hacker could have started the World War 3.

Instead he scammed people out of 2.5 BTC #twitterhack

— Sasha Ivanov (@sasha35625) July 15, 2020

The attack, though thorough, might not have been all that well coordinated. The New York Times claims to have spoken with several hackers involved in the attack. The smaller actors reportedly interacted with a hacker known as “Kirk” who set up the Bitcoin wallets associated with the debacle. These middle-men claimed to be 19-20-year-olds living in the UK and USA, The Times said. Kirk approached one of them, originally claiming to work for Twitter, offering to sell account details. A hacker that spoke with The Times claims he did not infiltrate any of the high-profile Twitter accounts. Twitter has reportedly since restricted the ability of any user to post strings of numbers and letters, possibly as a way to prevent the posting of wallet addresses.

ℹ️ Due to anti-hack measures taken by Twitter the Whale Alert bot can no longer post any transfers and we cannot manually add them either. We hope Twitter will resolve the issue soon. Transfers are still being posted to our Telegram channel: https://t.co/vVRNZuovHX

— Whale Alert (@whale_alert) July 16, 2020

The company’s share price briefly dipped following the attack, but soon recovered. Critics argue that the media may, once again, be exaggerating the impact of such a hack. Phishing attacks reveal a problem that may never be solved by technology: human error.